@Chocksy
Last active October 17, 2019 11:17
Insecure markdown examples that should be tested.

Check out the cheat sheet at https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

This is a regular paragraph.

<script>alert('xss');</script>

This is another regular paragraph.

hello <a href="www.google.com">*you*</a>

hello <a name="n" href="javascript:alert('xss')">*you*</a>

[some text](javascript:alert('xss'))

> hello <a name="n"
> href="javascript:alert('xss')">*you*</a>
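
One way to test a renderer against the fixtures above is to audit the HTML it produces rather than the markdown it was given. The following is an added example, not part of the original gist: `audit`, `Auditor`, `normalize`, the tag and scheme lists, and both sample HTML strings are assumptions constructed for illustration, and the policy is a minimal check, not a complete sanitizer.

```python
import re
from html.parser import HTMLParser

# Assumed minimal policy for this example; a real allowlist sanitizer is stricter.
BAD_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


def normalize(url):
    """Approximate browser URL handling before the scheme is compared."""
    url = re.sub(r"[\t\r\n]", "", url)  # tab/CR/LF are dropped anywhere in a URL
    return re.sub(r"^[\x00-\x20]+", "", url).lower()  # leading controls trimmed


class Auditor(HTMLParser):
    """Collects active-content constructs found in rendered HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in BAD_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:  # names are lowercased, values entity-decoded
            if name.startswith("on"):
                self.findings.append(f"{tag}[{name}] event handler")
            elif name in URL_ATTRS and normalize(value or "").startswith(BAD_SCHEMES):
                self.findings.append(f"{tag}[{name}] script-capable URL")


def audit(rendered_html):
    auditor = Auditor()
    auditor.feed(rendered_html)
    auditor.close()
    return auditor.findings


# Constructed sample: output of a renderer that passes this page's fixtures through.
PASSTHROUGH = (
    "<p>This is a regular paragraph.</p>\n<script>alert('xss');</script>\n"
    '<p>hello <a href="www.google.com"><em>you</em></a></p>\n'
    '<p>hello <a name="n" href="javascript:alert(\'xss\')"><em>you</em></a></p>\n'
    '<p><a href="javascript:alert(\'xss\')">some text</a></p>\n'
)
# Constructed sample: the same fixtures after escaping and attribute stripping.
SANITIZED = (
    "<p>This is a regular paragraph.</p>\n&lt;script&gt;alert('xss');&lt;/script&gt;\n"
    '<p>hello <a name="n"><em>you</em></a></p>\n<p>some text</p>\n'
)

if __name__ == "__main__":
    print(audit(PASSTHROUGH))
    print(audit(SANITIZED))
```

In a renderer's test suite, feed each fixture through the real markdown pipeline and assert that `audit` returns an empty list for the result.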